The world’s largest home improvement chain store, Home Depot, yesterday confirmed a data breach affecting credit cards and debit cards used in stores on the American mainland, which may have continued since April.

[A much shorter version of this article appeared in the October 2013 Threat Radar Report as ‘The Thoughtful Phisher’. As these particular scam/spam campaigns don’t seem to be diminishing, however – indeed, some of the phishing techniques seem to be getting more sophisticated – I thought perhaps it was worth updating and expanding for a

Cyber attacks on America will continue to escalate, according to National Security Director Keith Alexander, speaking to the Reuters Cybersecurity Summit in Washington. “Disruptive and destructive attacks on our country will get worse,” said Alexander, the leading U.S. general in charge of the nation’s cybersecurity. “Mark my words, it will get worse.”

CBS in San Francisco is reporting a rather novel cash machine attack. . It seems that crooks are applying superglue to the clear, enter, and cancel buttons on cash machines at banks. A customer goes to the cash machine, inserts their card and enters their PIN. Then the victim notices the enter key is not

…many scams work by panicking victims into taking some unwise action, whether it’s parting with their credit card details or opening a malicious program, claiming that some problem or illegal action is associated with their computer or IP address, such as transmitting malware or visiting paedophile or other pornographic sites…

My colleague Urban Schrott, from ESET Ireland, wrote a nice feature article for our monthly ThreatSense report (which should be available shortly on the Threat Center page at http://www.eset.com/threat-center) on seasonal scams. As the scam season is starting to get into full swing, we thought it might be good to give it a wider audience here.

Regrettably, pretty much anything could happen to your credit card while it’s out of your sight. However, the “ATM Card Skimming and PIN capturing Awareness Guide”, while it can’t cover every possible permutation of illicit additives to your friendly local ATM, does at least offer some guidance as to what to look for.

Insider Threat – your ATM may now be hacked from the inside. According to Wired’s Threat Level Blog… A Bank of America worker installed malicious software on his employer’s ATMs that allowed him to make thousands of dollars in fraudulent withdrawals, all without leaving a transaction record, according to federal prosecutors. According to the

Further to an earlier blog about the "broken" Chip & PIN credit card security system (strictly speaking, the primary problem described is with EMV), it's noticeable that, as John Leyden puts it, "Industry groups [have] leap[t] to Chip and PIN's defence." In fact, the response has been a bit more mixed than that. But there

[Updated after further investigation.] For the past few days, I’ve been seeing spam to one of my accounts offering me various bits of software. Nothing unusual about that, of course, but this one was better constructed than usual, and consistent, and I made a mental note to look more closely when I’m a little less